Minister for Data Protection Dara Murphy has said State departments must respect the rule of law when considering how they use people's personal data.
Mr Murphy, who was appointed to the new role by Taoiseach Enda Kenny last year, said he had already met the secretaries’ general of all government departments to discuss their use of people’s personal information.
He was speaking to The Irish Times ahead of the 9th Council of Europe Data Protection Day organised for today.
Data and its analysis created “huge opportunities” for business, for individuals and for government, the Minister said.
However, he wanted to encourage within departments a “greater focus on the responsibilities that they have for the protection of people’s data”.
He had had “very positive feedback” on the issue. “I think there is an acceptance that departments as part of the umbrella of government should transfer relevant data – and the word relevant is important – but they have to do so in a context that protects the rule of law.”
Consultation
A consultation process has been under way on the sharing of personal data across the public sector.
The Minister said his appointment showed a “conscious decision” at Government level to move data protection “up the agenda”.
He noted that funding for the Data Protection Commissioner had also been doubled this year.
On concerns about the new primary school pupil database, Mr Murphy said he believed Minister for Education Jan O’Sullivan was still examining the issue and that “constructive” talks were under way.
The Department of Education has asked schools to provide pupils’ personal details, including their PPS numbers, information on their religion and ethnicity and other sensitive information.
It has said the information will be kept until their 30th birthday.
“I do know that regard is being given for how data would be retained, in other words whether in some instances it would be depersonalised,” Mr Murphy said.
While performance information about students in certain areas and in certain circumstances “should be perhaps retained for I suppose for scientific or statistical purposes, I don’t necessarily see that in all instances the personal identity should remain with them”.
Educational facilities
“I have quite strong confidence that, in consultation with the Data Protection Commissioner, the Department of Education will come up with a set of measures that will satisfy the primary objective, which is to ensure the best possible use of data to provide the best possible educational facilities.”
Asked about the mass surveillance of Irish and European citizens by governments, including the UK, Mr Murphy said there were provisions in place for governments to access people’s personal data and he urged them to use those provisions.
“Just because it is possible to secure and interpret large amounts of data doesn’t mean that it’s right to do it and I think [LEGAL]need has to be shown.”
There were “well functioning” mutual legal assistance treaties in place to allow other states to apply to access data if they believed that was needed for the prevention or prosecution of crime or for the prevention of terrorism.
While he declined to comment directly on the revelations of mass surveillance revealed by former National Security Agency contractor Edward Snowden, Mr Murphy said the principles of privacy “must, must be respected no matter what the size of the country”.
Mr Murphy, who is also Minister for European Affairs, said there was “a strong requirement for increased cooperation between member states with respect to identifying “potential terrorists”.
He believed the issue of retaining air passenger name records needed to be moved “very much up the agenda”.
“It’s not tenable that we share passenger name data with America, Canada (although I know the Canadian one is under review) and Australia and yet we don’t share our passenger name records amongst ourselves.”
He said he did not see why this could not be developed while having regard to how long passenger names were held and for what purposes.
Mr Murphy said he disagreed with criticisms of Ireland’s data protection regime as being “soft”.
“I’ve been minister now for about six months and examples of where we are soft have yet to be presented to me.”
“There’s no doubt that we have a disproportionately high element of data and digital companies here and a lot of the companies which are subject to various topical issues across the European Union in this space have very strong presences here in Ireland.”
He believed there had been “significant vindications” of positions taken by the Data Protection Commissioner.
He said he had “absolute confidence” that when the new European data protection regulation currently being negotiated was agreed that it would be “applied rigidly” by the Data Protection Commissioner here.
“I do not accept that we have light touch regulation. I would accept that we have a difference of emphasis in some regards,” he said.
“Show us the examples of where we are allegedly meant to be soft. I haven’t come across them myself – reject it completely.”
The Minister, who will address a data-protection conference hosted by the Irish Computer Society in Dublin on Wednesday, said people had a responsibility to respect their own personal data and the data of their children.